Error: New-AzADServicePrincipal: Values of identifierUris property must use a verified domain of the organization or its subdomain #16097
Comments
Still getting same error: I have upgraded to AZ version 6.5.0
Get-InstalledModule -Name az
Version Name Repository Description
6.5.0   Az   PSGallery  Microsoft Azure PowerShell - Cmdlets to manage resources in Azure.
I am still getting an error when I run this command
Line |
So the update didn't seem to help. Please let me know how to fix this. I can't add a custom domain as indicated by the workaround. So how can I fix this?
@saldroubi please create a new issue specific to your situation, and you can refer to this issue.
@dcaro I am also facing a similar issue. Can you please provide some solution to fix this issue? Thanks in advance.
The issue is applicable to the AzureRM.Resources module and New-AzureRMAdServicePrincipal as well. (Recommended to move to Az, as AzureRM is on a deprecation path.)
The issue is applicable to AzureStack-specific Az modules as well. The workaround mentioned in the issue description will work against Azure Stack. We do plan to release a new Az.Resources module for AzureStack.
Can someone confirm if you will still be able to use any domain without it being verified in AAD as long as you update the module? The way it's worded makes it sound as if the workaround is to verify the domain in AAD if you can't update your modules, therefore if you update you can continue using as is. We use dev.azure.com in these fields and obviously can't add this to our AAD tenant.
After I ran the update this issue went away.
AzureAD imposes the @RyanD2596 we provided the workaround in the case of updating the module is a problem but not to the new requirement. I have updated the wording hoping this brings more clarity.
Hi, I'm having the same issue. I have az.resource 4.4.1 and it's asking me to fill in identifierUris. Can you confirm if this will be mandatory?
It depends on the configuration of your tenant: if your tenant does not allow empty identifierUris, you will have to specify a valid value when creating a service principal or an application. The Azure Active Directory documentation has more details on the requirement that they are now imposing.
Thanks, so it's only mandatory when it's created through PowerShell, because when I create through the portal it is not mandatory.
Also I am looking for help about the right API permissions that a serviceprincipal must have to register a new app. Do you know where I can address this? Thanks in advance
Hi @mileee6 We have Files.ReadWrite.All and AllowedMemberTypes contains 'Application' as permissions for our serviceprincipal to register the new app.
Try using @{add="https://identifierURL"}
$app1 | Set-AzureADApplication -IdentifierUris @{add="http://adapplicationregistry.onmicrosoft.com"}
Close this issue as feature is enabled on service side. |
…ershell#16097" This reverts commit cfda7e2.
…ershell#16097" This reverts commit f23a8fb.
Context
Error 'New-AzADServicePrincipal: Values of identifierUris property must use a verified domain of the organization or its subdomain' is displayed when running New-AzADServicePrincipal or New-AzADApplication.
Due to the Azure Active Directory breaking change requiring AppId Uri in single tenant applications to require use of default scheme or verified domains, you must upgrade the Az.Resources modules to version 4.1.0 or later to continue using New-AzADServicePrincipal or New-AzADApplication cmdlets.
You can also upgrade to Az version 6.0 or greater.
Timeline
The requirement will be in effect starting 10/15/2021.
Impacted versions
The following versions of Azure PowerShell are impacted by the AzureAD breaking change:
If you are still encountering issues after upgrading, feel free to open an issue
Workaround
If you cannot upgrade to the PowerShell modules described above, you may update your script to follow those steps when creating a service principal:
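Added example, not part of the original issue or of the Azure PowerShell project, and not the workaround steps referred to above: a local pre-flight check that reports whether a value intended for identifierUris uses the default scheme or a host that is a verified domain or a subdomain of one, which is the rule quoted in the error. The function name Test-IdentifierUri, the sample domains, and the reading of "default scheme" as api:// are assumptions; Azure AD remains the authority on what it accepts.

```powershell
# Added example (not from the issue or the Az modules): local pre-flight check for identifierUris.
function Test-IdentifierUri {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $IdentifierUri,
        # Domains shown as verified for the tenant; supplied by the caller.
        [Parameter(Mandatory)] [string[]] $VerifiedDomains
    )

    $result = [ordered]@{ Uri = $IdentifierUri; Allowed = $false; Reason = '' }

    $uri = $null
    if (-not [System.Uri]::TryCreate($IdentifierUri, [System.UriKind]::Absolute, [ref]$uri)) {
        $result.Reason = 'not an absolute URI'
        return [pscustomobject]$result
    }

    # Assumption: the "default scheme" in the breaking-change text is api://.
    # Azure AD may apply further rules to api:// values that are not modelled here.
    if ($uri.Scheme -eq 'api') {
        $result.Allowed = $true
        $result.Reason  = 'default api:// scheme'
        return [pscustomobject]$result
    }

    # Compare on DNS label boundaries so that "evilcontoso.com" does not match "contoso.com".
    $uriHost = $uri.Host.TrimEnd('.').ToLowerInvariant()
    foreach ($domain in $VerifiedDomains) {
        $d = $domain.Trim().TrimEnd('.').ToLowerInvariant()
        if ($uriHost -eq $d -or $uriHost.EndsWith(".$d", [System.StringComparison]::Ordinal)) {
            $result.Allowed = $true
            $result.Reason  = "host matches verified domain '$d'"
            return [pscustomobject]$result
        }
    }

    $result.Reason = "host '$uriHost' is not a verified domain or a subdomain of one"
    return [pscustomobject]$result
}

# Constructed sample input: tenant domains and candidate URIs (dev.azure.com is the case raised in the thread).
$verified = @('contoso.com', 'contoso.onmicrosoft.com')
@('https://dev.azure.com/myorg', 'https://app.contoso.com/api',
  'https://evilcontoso.com/api', 'api://00000000-0000-0000-0000-000000000000') |
    ForEach-Object { Test-IdentifierUri -IdentifierUri $_ -VerifiedDomains $verified } |
    Format-Table -AutoSize
```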